Php 错误登录也会打开会话
我已经用sqlite编写了这个基于php的登录:Php 错误登录也会打开会话,php,sqlite,session,login,Php,Sqlite,Session,Login,我已经用sqlite编写了这个基于php的登录: <?php $db = new PDO('sqlite:data.db'); session_start(); if (isset($_SESSION['timeout'])) { if ($_SESSION['timeout'] + 4 < time()) { session_destroy(); } } else { $_SESSION['pass'] = ""; $_SES
<?php
$db = new PDO('sqlite:data.db');
session_start();
if (isset($_SESSION['timeout'])) {
if ($_SESSION['timeout'] + 4 < time()) {
session_destroy();
}
} else {
$_SESSION['pass'] = "";
$_SESSION['timeout'] = time();
}
if (isset($_POST['pass'])) {
$_SESSION['pass'] = $_POST['pass'];
}
if (!empty($_SESSION['pass'])) {
$result = $db->query("SELECT password,user FROM users");
foreach ($result as $row) {
if (password_verify($_SESSION['pass'], $row['password'])) {
echo "Welcome! You're logged in " . $row['user'] . "! <a href='index.php?logout=true'>logout</a>";
if (isset($_GET['logout'])) {
unset($_SESSION['pass']);
header('location: index.php');
}
}
}
}
else {
echo '<form method="POST" action=""><input type="password" name="pass"><form>';
}
?>
我的问题是:我如何将错误的登录重定向到登录表单,而无需等待会话完成?我觉得逻辑有点不对劲,我会采取这种方法:
<?php
$db = new PDO('sqlite:data.db');
session_start();
if (isset($_GET['logout'])) { // if logout is set just log them out no need for other conditionals
unset($_SESSION['pass']);
header('location: index.php');
exit(); //exit after header otherwise page keeps processing
}
if (isset($_SESSION['timeout'])) {
if ($_SESSION['timeout'] + 4 < time()) {
session_destroy();
}
//} else {
// $_SESSION['pass'] = "";
// $_SESSION['timeout'] = time();
//}
//if (isset($_POST['pass'])) {
// $_SESSION['pass'] = $_POST['pass'];
}
if (!empty($_POST['pass'])) {
$result = $db->query("SELECT password,user FROM users");
foreach ($result as $row) {
if (password_verify($_POST['pass'], $row['password'])) {
echo "Welcome! You're logged in " . $row['user'] . "! <a href='index.php?logout=true'>logout</a>";
$_SESSION['pass'] = $_POST['pass'];
$_SESSION['timeout'] = time();
}
}
}
if(empty($_SESSION['pass'])) {
?>
<form method="POST" action="">
<input type="password" name="pass">
<input type="submit">
<form>
<?php
}
?>
此外,您还应该传递您正在测试密码的用户名。当您有更多用户时,此方法将需要较长的加载时间。当两个用户拥有相同的密码时,它也无法准确工作 我觉得这个逻辑有点不合我会采取这种方法:
<?php
$db = new PDO('sqlite:data.db');
session_start();
if (isset($_GET['logout'])) { // if logout is set just log them out no need for other conditionals
unset($_SESSION['pass']);
header('location: index.php');
exit(); //exit after header otherwise page keeps processing
}
if (isset($_SESSION['timeout'])) {
if ($_SESSION['timeout'] + 4 < time()) {
session_destroy();
}
//} else {
// $_SESSION['pass'] = "";
// $_SESSION['timeout'] = time();
//}
//if (isset($_POST['pass'])) {
// $_SESSION['pass'] = $_POST['pass'];
}
if (!empty($_POST['pass'])) {
$result = $db->query("SELECT password,user FROM users");
foreach ($result as $row) {
if (password_verify($_POST['pass'], $row['password'])) {
echo "Welcome! You're logged in " . $row['user'] . "! <a href='index.php?logout=true'>logout</a>";
$_SESSION['pass'] = $_POST['pass'];
$_SESSION['timeout'] = time();
}
}
}
if(empty($_SESSION['pass'])) {
?>
<form method="POST" action="">
<input type="password" name="pass">
<input type="submit">
<form>
<?php
}
?>
此外,您还应该传递您正在测试密码的用户名。当您有更多用户时,此方法将需要较长的加载时间。当两个用户拥有相同的密码时,它也无法准确工作 你只是在所有用户之间循环。您应该检查与特定用户的密码匹配情况。我一直在尝试将登录代码放在php工作表中的几个位置,但我不知道如何操作。你能帮我吗?你能格式化代码并提供数据库结构吗?您只存储密码吗?@chris85更改了上面的问题,向您显示了该信息。好的,您计划在表单中传递
用户用户